[Gergely Madarasz]

Hello,

If I want to access the mailman pages thru a different url (like http://somehost/cgi-bin/mailman/, the cgi-bin directory has a symlink to mailman/cgi-bin) the cookie authentication is problematic.

Yup -- we wouldn't want browsers to send out Mailman cookies unless they actually are getting a Mailman page. Thus, the "path" setting of the Mailman-issued cookies are set to whatever the path part of mm_cfg.DEFAULT_URL is (i.e. normally "/mailman").

This means that Mailman cookies won't be sent to the server if you access the Mailman interface via some other CGI-script path.

It allows access for the first time but after that it wants authentication again.

Actually it is the password you send that gets you through the first time, and not any cookie.

Could this be fixed somehow ?

I don't think we want to try being clever with any of the CGI environment variables for figuring out what URLs the cookies should be sent out for.

This way there wouldn't be need to configure the webserver to use the /mailman/ alias.

If you don't want to add the /mailman/ ScriptAlias (or whatever) to your web server configuration, Mailman's setting of mm_cfg.DEFAULT_URL should reflect this. This means that if you access all your Mailman CGI wrappers as e.g. <URL:http://mailman-host/cgi-bin/wrappername>, you should set

DEFAULT_URL = "http://mailman-host/cgi-bin"

in $prefix/Mailman/mm_cfg.py. Mailman cookies will then be sent out to any script in this cgi-bin directory.

If you use both .../cgi-bin/wrappername and .../mailman/wrappername type URLs interchangeably, the cookies won't work for (at least) one of those -- so, you *shouldn't* use both types of URLs interchangeably.

Harald